package ca.nrc.cadc.auth;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.AC;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.Authenticator;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.client.RegistryClient;
import ca.nrc.cadc.vosi.avail.CheckResource;
import ca.nrc.cadc.vosi.avail.CheckWebService;
/**
* Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
* This class augments the subject with additional identities using the access
* control library.
*
* @author pdowler
*/
public class AuthenticatorImpl implements Authenticator
{
    private static final Logger log = Logger.getLogger(AuthenticatorImpl.class);

    public AuthenticatorImpl()
    {
    }

    /**
     * Augment the caller's subject with the identities known to the access
     * control service.
     *
     * <p>The subject is returned untouched when the authentication method is
     * absent or {@link AuthMethod#ANON}, or when the subject is null or carries
     * no principals. Otherwise {@link ACIdentityManager#augmentSubject} is run
     * and, if afterwards the subject holds neither an {@link HttpPrincipal}
     * nor an {@link X500Principal}, the anonymous subject is returned instead:
     * a caller presenting an invalid or forged CADC_SSO cookie may reach this
     * point without matching any known identity, and must not keep the
     * unverified principals.
     *
     * @param subject the subject produced from the request credentials (may be null)
     * @return the augmented subject, the original subject, or the anonymous subject
     */
    public Subject getSubject(Subject subject)
    {
        AuthMethod method = AuthenticationUtil.getAuthMethod(subject);
        boolean anonymous = (method == null) || AuthMethod.ANON.equals(method);
        if (anonymous)
        {
            return subject;
        }

        boolean hasPrincipals = (subject != null) && !subject.getPrincipals().isEmpty();
        if (!hasPrincipals)
        {
            return subject;
        }

        Profiler profiler = new Profiler(AuthenticatorImpl.class);
        ACIdentityManager identityManager = new ACIdentityManager();
        identityManager.augmentSubject(subject);
        profiler.checkpoint("AuthenticatorImpl.augmentSubject()");

        // A matching CADC account yields an HttpPrincipal; a client certificate
        // alone (X500Principal) is also enough to keep using services.
        boolean hasHttpPrincipal = !subject.getPrincipals(HttpPrincipal.class).isEmpty();
        if (hasHttpPrincipal || !subject.getPrincipals(X500Principal.class).isEmpty())
        {
            return subject;
        }

        // No known identity matched (e.g. invalid or forged CADC_SSO cookie):
        // drop to anon rather than trusting the unmatched principals.
        log.debug("HttpPrincipal not found - dropping to anon: " + subject);
        return AuthenticationUtil.getAnonSubject();
    }

    /**
     * Build an availability check against the GMS service's
     * {@code /availability} endpoint, resolved through the registry.
     *
     * @return a {@link CheckWebService} for the GMS availability URL
     * @throws RuntimeException wrapping a {@link MalformedURLException} or
     *         {@link URISyntaxException} raised while resolving the URL
     */
    public static CheckResource getAvailabilityCheck()
    {
        try
        {
            RegistryClient registry = new RegistryClient();
            URI gmsServiceURI = new URI(AC.GMS_SERVICE_URI);
            URL availabilityURL = registry.getServiceURL(gmsServiceURI, "http", "/availability");
            String availabilityLocation = availabilityURL.toExternalForm();
            return new CheckWebService(availabilityLocation);
        }
        catch (MalformedURLException ex)
        {
            throw new RuntimeException(ex);
        }
        catch (URISyntaxException ex)
        {
            throw new RuntimeException(ex);
        }
    }
}